News Changelog 09.10.2014

Kevin

  • added Replay support on Hightower 1, Hightower 2, 2Fort and Saxton Hale (testing)
  • added dr_bank_v1 on both DR Servers
  • added more Prophunt maps (arena_harvest_v2, ph_007facility_a5, ph_campsite_a3, ph_chapel_rc2, ph_harvest_event_a1, ph_hilltop_a2, ph_watermill_a1)
  • added trial admin section
  • updated VSH
  • updated Jailbreak (update revoked for now due to instability, need to do some testing on my dev server)
  • updated Jump maplist and added anti base jumper
  • updated a couple of internal plugins
  • fixed an issue causing smileys to not show properly in the shoutbox
  • fixed thread prefix permissions
 
What's new in VSH?
1.50 (10/7/2014 | 2:43PM CDT)

* Removed gamedata dependency.
* Fixed mantreads not giving increased jump height.
* Reserve shooter no longer Thriller taunts.
* Optimized some code and brought in sync with the GitHub
* Now incompatible with versions of SM lower than 1.6.3
 
When will someone fix the tons of code, permission and security issues on the site :(
 
When someone is loyal enough ;)
That's a great attitude to have whilst session hijacking and SQLi are possible. By the time you find someone you already have a massive gap where people could have abused this.
 
Well, it's not so insecure that anybody can get in; I also explained that to you on Steam a while ago.
You can catch me on Steam if you have any "fix" for it to prevent that.
 
There are no simple fixes without access to the codebase. You are throwing bags onto your mule until its legs break.

Let's recap:
The webserver and the database server are pre-written bullshit (I know you are looking to hire someone to write a secure Nginx webserver but I doubt anyone is going to sign an NDA for a small gaming community)

The forum is pre-written software that ONLY guarantees security if run without any add-ons, which you run plenty of (this again can only be fixed with ACP, SFTP and SSH access)

Sourcebans has had SQLis dating back to its beginning with literally pre-written scripts to exploit them (this can only be fixed with SSH and SFTP access and is a MAJOR operation)

Forum permissions are quite the chaos (the general structure is really bad and you could fix that on your own if you wanted to)


I am not even going to start with the community issues as that would be an essay on its own. You should really start tackling some of those points and offload more work onto your staff. As a site owner you should have the time to actively develop and let your "underlings" do the dirty work.
This is your issue, Kevin. You are pretty good with networking but have little idea of programming, development, community management and websec. Stacking boxes on top of that is just going to make fixing the issues much, much harder in the end.
Either you are going to hire a dev from your community or ask around the web if someone is up for the challenge and is willing to sign that silly NDA you want.


Just my 2 cents and you really don't have to care what I have to say, I just find it worrying that top priority problems are pushed aside and then the changelogs contain vague wording such as
  • updated backend stuff
Which really just means you found something cool on google and added it without questioning it twice. The more you work on the current base, the more cluttered things will get. Structuring permissions and usergroups would be a great start already since you are saving yourself a lot of time you can use to find a good dev for instance.

Edit: I am not posting this publicly to shame or attack you. I am posting this publicly because I think a lot of people are not even aware of any of this because they see "updated backend stuff" and assume something major really happened. There is no shame in not being versed in code but owning a site, that's why you will find that large communities, such as Steamrep, have one or two technical admins who do all the development.
 
You might be right that the default configuration is really bullshit, since there is no cache or anything else included; since I don't use the pre-written shit and use my own configs instead, it runs pretty well.

I run a couple of add-ons from known and trusted developers to prevent security leaks or injections.

Sourcebans is its own problem, since first of all it's pretty outdated (seems like no one cares about it or idk, version 2.0 still hasn't got any updates), but as I said, contact me and we can sort out things like that together.

Mind explaining what exactly the chaos is? Except for your moderator permission, everything is well configured.

I told you the reasons for that NDA so I'm not gonna mention them here again; it might look silly and maybe it is, but you know the reasons, or that shit with Max and Keiii in the past.

Also, you are completely wrong about that updated backend stuff: I don't randomly add shit to the public forums. First I test it on my private locked site to see how it works and if it's even needed, and then after some days I maybe add it to the public page.

Also, I have no problem with you posting it here; we will see what the next days bring.
 
EDIT:
  • updated Slender Fortress
  • updated Slender Fortress maps (slender_abandoned_b1a, slender_alpha_complex_b1, slender_atomics_b4a, slender_cellars_b4, slender_claustrophobia_b1, slender_elementary_b1a, slender_forgotten_tomb_b2, slender_frost_run_b4, slender_gutters_b2b, slender_hospice_b5, slender_lobbys_b2, slender_lockers_b5a, slender_noexit_b1a, slender_sanatorium_b2, slender_scp_087_b_v3, slender_sector_six_b1b, slender_sewer_b1a, slender_the_abyss_v3, slender_the_ward_b1a, slender_weepers_b3)
Upcoming changes:
  • more bosses for Slender Fortress (already working on that, atm got some model issues)
 
It's not about the configs, it is about how it is written, what it is made of and that the web end is a major security hole.

I can neither confirm nor deny that, so there is no point arguing against your word. Only you know what plugins you run :)

There were several permission glitches such as prefixes and permission escalations around the forums. They seem to have faded away by now but I dread to imagine how it looks around the back of the shed.

NDAs are easy to bypass and no serious dev will sign one for such a small site. You know that.

You added PHP 5.5 and 5.6 on a whim without doing any research at all.
 
The backend of the webserver is secure, whether you believe it or not; lots of stuff has changed and I also added something to it to make it a bit safer.

I know that some weeks ago there was a permission bug, or better said, they weren't set up properly, but I fixed that immediately.

I did a lot of research in different forums on whether PHP 5.5-5.6 is stable to run with XenForo, and I only use stable builds and not those RC versions.
 
Your backend is not secure.

Yes you did.

Stable =/= secure. Installing completely new BACKEND software without researching the differences between this and the previous version is not a behaviour of security at all. You have more on your server and Xenforo and it's not the only way to get into it.
 